This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/0aec1f-6065-4d88-8454-124d3fb3906a/1/3KIe1YS7QLLqz4eqT1TIg8Y0lHA.roa
File:                     3KIe1YS7QLLqz4eqT1TIg8Y0lHA.roa (raw, json)
Hash identifier:          E01qUWDxs3w8/EkHXVeEMazo/S6sr6Nl2XEVde5Y+Qw=
Subject key identifier:   DC:A2:1E:D5:84:BB:40:B2:EA:CF:87:AA:4F:54:C8:83:C6:34:94:70
Certificate issuer:       /CN=d45bab208653d4261ebf202f6036334119846055
Certificate serial:       019B7E37302ED6959C4253D7F63D8A43FC82
Authority key identifier: D4:5B:AB:20:86:53:D4:26:1E:BF:20:2F:60:36:33:41:19:84:60:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FurIIZT1CYevyAvYDYzQRmEYFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/0aec1f-6065-4d88-8454-124d3fb3906a/1/3KIe1YS7QLLqz4eqT1TIg8Y0lHA.roa
Signing time:             Fri 02 Jan 2026 10:18:24 +0000
ROA not before:           Fri 02 Jan 2026 10:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9121
IP address blocks:        193.37.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/0aec1f-6065-4d88-8454-124d3fb3906a/1/1FurIIZT1CYevyAvYDYzQRmEYFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/0aec1f-6065-4d88-8454-124d3fb3906a/1/1FurIIZT1CYevyAvYDYzQRmEYFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FurIIZT1CYevyAvYDYzQRmEYFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 04:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:30:2e:d6:95:9c:42:53:d7:f6:3d:8a:43:fc:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bab208653d4261ebf202f6036334119846055
        Validity
            Not Before: Jan  2 10:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dca21ed584bb40b2eacf87aa4f54c883c6349470
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:25:31:1e:d4:97:36:d1:ed:c7:ae:f6:e2:41:
                    88:53:55:fb:5c:99:3d:05:0d:40:5f:60:7d:45:ee:
                    63:4a:54:5c:66:b9:b2:f1:df:86:73:df:7e:c3:77:
                    33:79:45:3c:8d:6a:c0:cc:47:e7:8c:0b:ec:8d:d5:
                    f8:10:5d:06:8d:58:88:b3:97:45:de:60:5d:1f:52:
                    19:c1:fa:7d:4f:08:20:1e:58:c0:79:47:40:4e:91:
                    ee:47:f4:2d:e4:ca:29:df:5b:52:28:e7:16:73:0a:
                    70:e7:29:61:6f:09:8e:fa:42:5a:f5:a7:75:15:4a:
                    6a:ed:a8:58:b2:14:e1:1c:8a:99:33:db:67:d2:b4:
                    df:af:bd:3e:6d:43:44:19:f2:24:f4:9b:ec:e8:fd:
                    4e:88:27:52:de:54:26:c1:e1:d8:6f:96:a1:ee:17:
                    32:86:28:c6:0a:da:b7:ef:78:7d:f9:42:ae:20:14:
                    99:a6:44:95:1e:48:b2:39:5c:bf:2c:23:ab:58:3f:
                    98:bc:a5:89:42:ef:c3:0c:c6:64:ba:1e:bf:c3:32:
                    44:34:f4:ac:77:fd:f5:f5:64:fa:5f:c5:b8:5f:90:
                    fc:ec:d0:b4:ae:73:76:7c:18:63:29:a1:42:f5:b8:
                    7b:4f:d3:4e:40:95:5c:a8:a7:80:5b:ea:db:46:cb:
                    fc:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:A2:1E:D5:84:BB:40:B2:EA:CF:87:AA:4F:54:C8:83:C6:34:94:70
            X509v3 Authority Key Identifier:
                keyid:D4:5B:AB:20:86:53:D4:26:1E:BF:20:2F:60:36:33:41:19:84:60:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FurIIZT1CYevyAvYDYzQRmEYFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/0aec1f-6065-4d88-8454-124d3fb3906a/1/3KIe1YS7QLLqz4eqT1TIg8Y0lHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/0aec1f-6065-4d88-8454-124d3fb3906a/1/1FurIIZT1CYevyAvYDYzQRmEYFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:b4:0d:38:83:79:0c:ab:3a:59:09:50:86:e8:9e:8d:1d:61:
         bf:ab:e6:c2:82:01:f4:49:95:de:2b:2e:1a:71:17:12:7a:85:
         48:18:5d:db:88:d7:bc:5d:a3:88:f3:ce:31:58:a0:a6:25:dd:
         02:a8:d4:e8:d2:6c:e1:1f:0e:f8:bf:7e:c4:f0:9c:3d:48:4b:
         53:ed:64:4e:00:c0:02:bd:c1:ff:e3:e2:1b:5e:c3:29:fd:4c:
         ca:0f:a2:25:ef:95:c1:0d:63:48:3d:e1:ef:1d:3c:56:8c:52:
         9b:59:66:d1:72:4d:b8:fe:90:00:d0:aa:fe:5c:18:85:61:6a:
         28:69:1c:19:ff:eb:76:3b:d1:ef:b4:79:94:db:6b:04:10:25:
         ed:b9:a5:50:46:11:7b:d4:7c:2c:34:79:81:88:a6:3c:d6:aa:
         68:98:19:e3:fb:9f:9c:11:88:c4:f4:65:70:e8:c4:1b:66:0b:
         51:08:bc:67:bb:fa:f8:a8:b4:01:39:2f:99:a5:86:65:21:74:
         17:45:18:ed:9b:b1:31:70:34:83:26:94:09:3d:30:2b:10:6b:
         7f:68:c9:5e:a5:37:b2:cb:6d:8b:a3:ac:a6:52:b7:19:a1:40:
         5e:de:6f:99:cd:f7:fc:cb:98:8c:3b:fd:3c:b6:46:10:c6:c5:
         06:76:5b:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+NzAu1pWcQlPX9j2KQ/yCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJhYjIwODY1M2Q0MjYxZWJmMjAyZjYwMzYzMzQxMTk4
NDYwNTUwHhcNMjYwMTAyMTAxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2EyMWVkNTg0YmI0MGIyZWFjZjg3YWE0ZjU0Yzg4M2M2MzQ5NDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSUxHtSXNtHtx6724kGIU1X7XJk9
BQ1AX2B9Re5jSlRcZrmy8d+Gc99+w3czeUU8jWrAzEfnjAvsjdX4EF0GjViIs5dF
3mBdH1IZwfp9TwggHljAeUdATpHuR/Qt5Mop31tSKOcWcwpw5ylhbwmO+kJa9ad1
FUpq7ahYshThHIqZM9tn0rTfr70+bUNEGfIk9Jvs6P1OiCdS3lQmweHYb5ah7hcy
hijGCtq373h9+UKuIBSZpkSVHkiyOVy/LCOrWD+YvKWJQu/DDMZkuh6/wzJENPSs
d/319WT6X8W4X5D87NC0rnN2fBhjKaFC9bh7T9NOQJVcqKeAW+rbRsv82wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNyiHtWEu0Cy6s+Hqk9UyIPGNJRwMB8GA1UdIwQY
MBaAFNRbqyCGU9QmHr8gL2A2M0EZhGBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ1cklJWlQxQ1lldnlBdllEWXpRUm1FWUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wYWVjMWYtNjA2NS00ZDg4LTg0NTQt
MTI0ZDNmYjM5MDZhLzEvM0tJZTFZUzdRTExxejRlcVQxVElnOFkwbEhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wYWVjMWYtNjA2NS00ZDg4LTg0NTQtMTI0ZDNmYjM5MDZh
LzEvMUZ1cklJWlQxQ1lldnlBdllEWXpRUm1FWUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSWHMA0G
CSqGSIb3DQEBCwUAA4IBAQBHtA04g3kMqzpZCVCG6J6NHWG/q+bCggH0SZXeKy4a
cRcSeoVIGF3biNe8XaOI884xWKCmJd0CqNTo0mzhHw74v37E8Jw9SEtT7WROAMAC
vcH/4+IbXsMp/UzKD6Il75XBDWNIPeHvHTxWjFKbWWbRck24/pAA0Kr+XBiFYWoo
aRwZ/+t2O9HvtHmU22sEECXtuaVQRhF71HwsNHmBiKY81qpomBnj+5+cEYjE9GVw
6MQbZgtRCLxnu/r4qLQBOS+ZpYZlIXQXRRjtm7ExcDSDJpQJPTArEGt/aMlepTey
y22Lo6ymUrcZoUBe3m+Zzff8y5iMO/08tkYQxsUGdluw
-----END CERTIFICATE-----